Add HTTPS check for ffmpeg and custom embeds

Calvin Montgomery 2017-01-05 20:58:07 -08:00
parent 5f4e9076df
commit e2abb90d14
6 changed files with 54 additions and 11 deletions


@ -2,7 +2,7 @@
"author": "Calvin Montgomery", "author": "Calvin Montgomery",
"name": "CyTube", "name": "CyTube",
"description": "Online media synchronizer and chat", "description": "Online media synchronizer and chat",
"version": "3.26.0", "version": "3.27.0",
"repository": { "repository": {
"url": "http://github.com/calzoneman/sync" "url": "http://github.com/calzoneman/sync"
}, },
@ -53,10 +53,12 @@
"build-server": "babel -D --source-maps --loose es6.destructuring,es6.forOf --out-dir lib/ src/", "build-server": "babel -D --source-maps --loose es6.destructuring,es6.forOf --out-dir lib/ src/",
"postinstall": "./postinstall.sh", "postinstall": "./postinstall.sh",
"server-dev": "babel -D --watch --source-maps --loose es6.destructuring,es6.forOf --out-dir lib/ src/", "server-dev": "babel -D --watch --source-maps --loose es6.destructuring,es6.forOf --out-dir lib/ src/",
"generate-userscript": "$npm_node_execpath gdrive-userscript/generate-userscript $@ > www/js/cytube-google-drive.user.js" "generate-userscript": "$npm_node_execpath gdrive-userscript/generate-userscript $@ > www/js/cytube-google-drive.user.js",
"test": "mocha"
}, },
"devDependencies": { "devDependencies": {
"coffee-script": "^1.9.2" "coffee-script": "^1.9.2",
"mocha": "^3.2.0"
}, },
"babel": { "babel": {
"presets": [ "presets": [


@ -414,3 +414,26 @@ exports.get = function (key) {
return obj[current]; return obj[current];
}; };
/**
* Sets a configuration value with the given key
*
* Accepts a dot-separated key for nested values, e.g. "http.port"
* Throws an error if a nonexistant key is requested
*/
exports.set = function (key, value) {
var obj = cfg;
var keylist = key.split(".");
var current = keylist.shift();
var path = current;
while (keylist.length > 0) {
if (!(current in obj)) {
throw new Error("Nonexistant config key '" + path + "." + current + "'");
}
obj = obj[current];
current = keylist.shift();
path += "." + current;
}
obj[current] = value;
};
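Review bot: The walk in `exports.set` tests `current in obj`, which is also true for inherited properties such as `__proto__` or `constructor`, so a dotted key can step out of the config tree and the final `obj[current] = value` would then write to a shared prototype. If keys can ever come from anything other than trusted code, use an own-property check instead, e.g. `if (!Object.prototype.hasOwnProperty.call(obj, current))`. Separately, `path` already ends with `current` when the error is built, so the message repeats the segment; `"Nonexistant config key '" + path + "'"` would read correctly. The final segment is assigned without any existence check, which the doc comment ("Throws an error if a nonexistant key is requested") should state explicitly.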


@ -44,6 +44,10 @@ function filterEmbed(tag) {
"is allowed for <embed> tags."); "is allowed for <embed> tags.");
} }
if (!/^https:/.test(tag.attribs.src)) {
throw new Error("Invalid embed. Embed source must be HTTPS, plain HTTP is not supported.");
}
var meta = { var meta = {
embed: { embed: {
tag: "object", tag: "object",
@ -67,6 +71,10 @@ function filterObject(tag) {
"is allowed for <object> tags."); "is allowed for <object> tags.");
} }
if (!/^https:/.test(tag.attribs.data)) {
throw new Error("Invalid embed. Embed source must be HTTPS, plain HTTP is not supported.");
}
var meta = { var meta = {
embed: { embed: {
tag: "object", tag: "object",
@ -86,6 +94,10 @@ function filterObject(tag) {
} }
function filterIframe(tag) { function filterIframe(tag) {
if (!/^https:/.test(tag.attribs.src)) {
throw new Error("Invalid embed. Embed source must be HTTPS, plain HTTP is not supported.");
}
var meta = { var meta = {
embed: { embed: {
tag: "iframe", tag: "iframe",
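Review bot: The new guards in `filterEmbed`, `filterObject` and `filterIframe` match `/^https:/`, which only checks the scheme prefix and accepts values without `//`; browsers may resolve such a value relative to the embedding page rather than as an absolute HTTPS URL. The raw-file check in `exports.query` in this same commit uses `/^https:\/\//`, so I would use the same pattern here: `if (!/^https:\/\//i.test(tag.attribs.src))` (and `tag.attribs.data` in `filterObject`). The test is also case-sensitive, so an upper-case `HTTPS://` source is rejected with a message about plain HTTP, and a missing attribute is reported the same way. The three identical checks could share one small helper; the function bodies continue outside these hunks.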


@ -40,7 +40,7 @@ function initFFLog() {
} }
function fixRedirectIfNeeded(urldata, redirect) { function fixRedirectIfNeeded(urldata, redirect) {
if (!/^https?:/.test(redirect)) { if (!/^https:/.test(redirect)) {
redirect = urldata.protocol + "//" + urldata.host + redirect; redirect = urldata.protocol + "//" + urldata.host + redirect;
} }
@ -74,8 +74,8 @@ function translateStatusCode(statusCode) {
function testUrl(url, cb, redirCount) { function testUrl(url, cb, redirCount) {
if (!redirCount) redirCount = 0; if (!redirCount) redirCount = 0;
var data = urlparse.parse(url); var data = urlparse.parse(url);
if (!/https?:/.test(data.protocol)) { if (!/https:/.test(data.protocol)) {
return cb("Only links starting with 'http://' or 'https://' are supported " + return cb("Only links starting with 'https://' are supported " +
"for raw audio/video support"); "for raw audio/video support");
} }
@ -315,9 +315,9 @@ exports.query = function (filename, cb) {
return cb("Raw file playback is not enabled on this server"); return cb("Raw file playback is not enabled on this server");
} }
if (!filename.match(/^https?:\/\//)) { if (!filename.match(/^https:\/\//)) {
return cb("Raw file playback is only supported for links accessible via HTTP " + return cb("Raw file playback is only supported for links accessible via HTTPS. " +
"or HTTPS. Ensure that the link begins with 'http://' or 'https://'"); "Ensure that the link begins with 'https://'.");
} }
testUrl(filename, function (err) { testUrl(filename, function (err) {
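Review bot: In `fixRedirectIfNeeded`, narrowing the test to `/^https:/` means an absolute `http://` redirect target is now treated as relative and gets prefixed with `urldata.protocol + "//" + urldata.host`, producing a malformed URL instead of a clear rejection. I would keep `if (!/^https?:/.test(redirect)) {` there to detect absolute URLs and rely on the protocol check in `testUrl` to refuse the HTTP target, assuming the redirect is fed back through `testUrl` (that call is outside the visible hunks). In `testUrl` the pattern `/https:/` is unanchored; `/^https:$/` against `data.protocol` would state the intent exactly.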


@ -446,7 +446,7 @@ $("#mediaurl").keyup(function(ev) {
queue("end", "url"); queue("end", "url");
} else { } else {
var url = $("#mediaurl").val().split("?")[0]; var url = $("#mediaurl").val().split("?")[0];
if (url.match(/^https?:\/\/(.*)?\.(flv|mp4|og[gv]|webm|mp3|mov|m4a)$/) || if (url.match(/^https:\/\/(.*)?\.(flv|mp4|og[gv]|webm|mp3|mov|m4a)$/) ||
url.match(/^fi:/)) { url.match(/^fi:/)) {
var title = $("#addfromurl-title"); var title = $("#addfromurl-title");
if (title.length === 0) { if (title.length === 0) {


@ -1426,7 +1426,13 @@ function parseMediaLink(url) {
/* Raw file */ /* Raw file */
var tmp = url.split("?")[0]; var tmp = url.split("?")[0];
if (tmp.match(/^https?:\/\//)) { if (tmp.match(/^https?:\/\//)) {
if (tmp.match(/\.(mp4|flv|webm|og[gv]|mp3|mov|m4a)$/)) { if (tmp.match(/^http:/)) {
Callbacks.queueFail({
link: url,
msg: "Raw files must begin with 'https'. Plain http is not supported."
});
throw new Error("ERROR_QUEUE_HTTP");
} else if (tmp.match(/\.(mp4|flv|webm|og[gv]|mp3|mov|m4a)$/)) {
return { return {
id: url, id: url,
type: "fi" type: "fi"
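Review bot: The new `http:` branch in `parseMediaLink` reports the failure through `Callbacks.queueFail` and then throws `new Error("ERROR_QUEUE_HTTP")`, so every caller has to catch that sentinel or the exception surfaces in the UI event handler; the callers are outside this hunk, so please confirm they do. A short comment above the branch would help, e.g. `// Advisory only: the server also rejects non-HTTPS raw files; callers must catch ERROR_QUEUE_HTTP`. The surrounding `^https?:\/\/` test is case-sensitive, so a link with an upper-case scheme skips this branch entirely and never shows the new message.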